1 Role management: Role mining with ORCA
Jurgen Schlegelmilch, Ulrike Steffens 

June 2005 Proceedings of the tenth ACM symposium on Access control models and 
technologies SACMAT '05 

Publisher: ACM Press 

With continuously growing numbers of applications, enterprises face the problem of 
efficiently managing the assignment of access permissions to their users. On the one 
hand, security demands a tight regime on permissions; on the other hand, users need 
permissions to perform their tasks. Role-based access control (RBAC) has proven to be a 
solution to this problem but relies on a well-defined set of role definitions, a role concept 
for the enterprise in question. The definition of a role concept ( ... 

Keywords: cluster analysis, data mining, role definition, role engineering, role hierarchy, 
role mining, role-based access control 



2 Access control: RoleMiner: mining roles using subset enumeration

Jaideep Vaidya, Vijayalakshmi Atluri, Janice Warner 

October 2006 Proceedings of the 13th ACM conference on Computer and 
communications security CCS '06 

Publisher: ACM Press 

Role engineering, the task of defining roles and associating permissions to them, is 
essential to realize the full benefits of the role-based access control paradigm. Essentially, 
there are two basic approaches to accomplish this: the top-down and the bottom-up. The 
top-down approach relies on a careful analysis of the business processes to define job
functions and then specify appropriate roles from them. While this approach can aid in 
defining roles more accurately, it is tedious ... 

Keywords: RBAC, role engineering, role mining 



3 Privacy through pseudonymity in user-adaptive systems
Alfred Kobsa, Jorg Schreck

May 2003 ACM Transactions on Internet Technology (TOIT), volume 3 issue 2 
Publisher: ACM Press

User-adaptive applications cater to the needs of each individual computer user, taking for 
example users' interests, level of expertise, preferences, perceptual and motoric abilities, 
and the usage environment into account. Central user modeling servers collect and 
process the information about users that different user-adaptive systems require to 
personalize their user interaction. Adaptive systems are generally better able to cater to 
users the more data their user modeling systems collect and ... 

Keywords: Chaum mix, KQML, User modeling, access control, anonymity, encryption, 
personal information, personalization, privacy, pseudonymity, reference model, secrecy, 
security, user-adaptive systems 



4 Flexible team-based access control using contexts

Christos K. Georgiadis, Ioannis Mavridis, George Pangalos, Roshan K. Thomas 
May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies SACMAT '01 

Publisher: ACM Press 

We discuss the integration of contextual information with team-based access control. The 
TMAC model was formulated by Thomas in [1] to provide access control for collaborative 
activity best accomplished by teams of users. In TMAC, access control revolves around 
teams, where a "team" is an abstraction that encapsulates a collection of users in specific 
roles and collaborating with the objective of accomplishing a specific task or goal. Users 
who belong to a team are given access to resources ... 

Keywords: access control, active security, contexts, teams 



5 Securing context-aware applications using environment roles

Michael J. Covington, Wende Long, Srividhya Srinivasan, Anind K. Dey, Mustaque Ahamad,
Gregory D. Abowd

May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies SACMAT '01 

Publisher: ACM Press 

In the future, a largely invisible and ubiquitous computing infrastructure will assist people 
with a variety of activities in the home and at work. The applications that will be deployed 
in such systems will create and manipulate private information and will provide access to 
a variety of other resources. Securing such applications is challenging for a number of 
reasons. Unlike traditional systems where access control has been explored, access 
decisions may depend on the context in which re ... 

Keywords: context aware computing, role-based access control 



6 Flexible control of downloaded executable content 
Trent Jaeger, Atul Prakash, Jochen Liedtke, Nayeem Islam 

May 1999 ACM Transactions on Information and System Security (TISSEC), volume 2 issue 2
Publisher: ACM Press

We present a security architecture that enables system and application access control
requirements to be enforced on applications composed from downloaded executable 
content. Downloaded executable content consists of messages downloaded from remote 
hosts that contain executables that run, upon receipt, on the downloading principal's 
machine. Unless restricted, this content can perform malicious actions, including 
accessing its downloading principal's private data and sending messages on th ... 

Keywords: access control models, authentication, authorization mechanisms, collaborative
systems, role-based access control 



7 Flexible coordination with cooperative hypertext 
Weigang Wang, Jorg M. Haake 

May 1998 Proceedings of the ninth ACM conference on Hypertext and hypermedia:
links, objects, time and space—structure in hypermedia systems: links,
objects, time and space—structure in hypermedia systems HYPERTEXT '98

Publisher: ACM Press 


8 Specification and verification of security requirements in a programming model for
decentralized CSCW systems
Tanvir Ahmed, Anand R. Tripathi

May 2007 ACM Transactions on Information and System Security (TISSEC), volume 10 issue 2
Publisher: ACM Press

We present, in this paper, a role-based model for programming distributed CSCW 
systems. This model supports specification of dynamic security and coordination 
requirements in such systems. We also present here a model-checking methodology for 
verifying the security properties of a design expressed in this model. The verification 
methodology presented here is used to ensure correctness and consistency of a design 
specification. It is also used to ensure that sensitive security requirements can ... 

Keywords: Security policy specification, finite state-based model checking, methodology 
for access-control policy design, role-based access control 



9 Poster session: Telling the user's story
Virginia Hill, Velda Bartek 

March 2007 Proceedings of the 2007 symposium on Computer human interaction for 
the management of information technology CHIMIT '07 

Publisher: ACM Press 

In this paper, we describe how user roles and persona accurately target a product's 
audience. Beginning with the definition of user roles and personas, we show how user 
roles feed the persona creation process. Personas then serve as the primary design 
communication vehicle within the product team. 

Keywords: persona, role, scenario, story

10 Role administration: A meta model for authorisations in application security systems
and their integration into RBAC administration
Axel Kern, Martin Kuhlmann, Rainer Kuropka, Andreas Ruthert

June 2004 Proceedings of the ninth ACM symposium on Access control models and 
technologies SACMAT '04 

Publisher: ACM Press 

This paper presents a new concept for efficient access rights administration and access 
control. It focuses on the special requirements of application security and reflects 
experiences from the implementation of security for large industry application systems. 
Application security shows a considerable inherent complexity due to the large number of 
combinations of objects and processes for which access rights must be defined. Based on 
practical experiences, this paper introduces a new approach fo ... 

Keywords: application security, automated identity management, enterprise role-based 
access control (ERBAC), enterprise roles, role-based access control (RBAC), sam jupiter, 
security administration, security provisioning 



11 Role-based access control in telecommunication service management—dynamic role
creation and management in TINA service environment
Takeo Hamada 

October 1998 Proceedings of the third ACM workshop on Role-based access control 
RBAC '98 

Publisher: ACM Press 


Keywords: TINA, role algebra, role class hierarchy, role mapping, role-based access 
control, security space, strongly-roled system, telecommunication service management 



12 Intelligent Agents Meet Semantic Web in a Smart Meeting Room
Harry Chen, Filip Perich, Dipanjan Chakraborty, Tim Finin, Anupam Joshi 

July 2004 Proceedings of the Third International Joint Conference on Autonomous 
Agents and Multiagent Systems - Volume 2 AAMAS '04 

Publisher: IEEE Computer Society 

We describe a new smart meeting room system called EasyMeeting that explores the use 
of FIPA agent technologies, Semantic Web ontologies, logic reasoning, and security and 
privacy policies. Building on a pervasive computing system that we have developed 
previously, EasyMeeting can provide relevant services and information to meeting 
participants based on their situational needs. Our system exploits the context-aware 
support provided by the Context Broker Architecture (CoBrA). Central to CoBrA is ... 

13 Creating SELinux policies simplified
Irfan Habib 

February 2007 Linux Journal, volume 2007 issue 154 
Publisher: Specialized Systems Consultants, Inc. 

SELinux is easier than you think.



14 Implementing role based access control for federated information systems on the web

Kerry Taylor, James Murty

January 2003 Proceedings of the Australasian information security workshop
conference on ACSW frontiers 2003 - Volume 21 ACSW Frontiers '03

Publisher: Australian Computer Society, Inc. 

There is rapidly increasing interest in Australia in on-line sharing of information stored in 
corporate databases, especially within and between staff of independent government 
agencies. Biological collections databases and population health GIS are good examples of 
the frequent situation where database custodians are looking for dynamic, distributed, 
heterogenous federated information system models for information sharing within loosely 
constituted communities. This paper describes a security m ... 

Keywords: RBAC, federated databases 

15 Mobile and Cooperative Systems: Information sharing and security in dynamic
coalitions

Charles E. Phillips, T.C. Ting, Steven A. Demurjian

June 2002 Proceedings of the seventh ACM symposium on Access control models and 
technologies SACMAT '02 

Publisher: ACM Press 

Today, information sharing is critical to almost every institution. There is no more critical 
need for information sharing than during an international crisis, when international 
coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, 
natural disaster, combat operations, or terrorist incidents, international coalitions have an 
immediate need for information. These coalitions are formed with international 
cooperation, where each participating country offers whate ... 

Keywords: access control, distributed systems, dynamic coalitions, information security 

16 Flexible support for multiple access control policies

Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, V. S. Subrahmanian 
June 2001 ACM Transactions on Database Systems (TODS), volume 26 issue 2 
Publisher: ACM Press 

Although several access control policies can be devised for controlling access to 
information, all existing authorization models, and the corresponding enforcement 
mechanisms, are based on a specific policy (usually the closed policy). As a consequence, 
although different policy choices are possible in theory, in practice only a specific policy 
can actually be applied within a given system. In this paper, we present a unified 
framework that can enforce multiple access control policies withi ... 

Keywords: access control policy, authorization, logic programming



17 The role-based access control system of a European bank: a case study and 
discussion 

Andreas Schaad, Jonathan Moffett, Jeremy Jacob 

May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies SACMAT '01 

Publisher: ACM Press 

Research in the area of role-based access control has made fast progress over the last 
few years. However, little has been done to identify and describe existing role-based 
access control systems within large organisations. This paper describes the access control 
system of a major European Bank. An overview of the systems structure, its 
administration and existing control principles constraining the administration is given. In 
addition, we provide an answer to a key question - the ratio of ... 

Keywords: control principles, dual control, inheritance, least privilege, number of roles, 
role administration, role-based access control, separation of duties 



18 Migrating to role-based access control
Kami Brooks 

October 1999 Proceedings of the fourth ACM workshop on Role-based access control 
RBAC '99

Publisher: ACM Press 


Keywords: Tivoli Management Environment, enterprise systems management, migration, 
role-based access control, security management 



19 Policies and roles in collaborative applications
W. Keith Edwards 

November 1996 Proceedings of the 1996 ACM conference on Computer supported 
cooperative work CSCW '96 

Publisher: ACM Press 


Keywords: Intermezzo, access control, computer-supported cooperative work, 
infrastructure, policies, roles 



20 The matrix and beyond: expanding proactive resources for customers
Mo Nishiyama, Leslie J. McNeil, Holly E. Wyatt 

November 2006 Proceedings of the 34th annual ACM SIGUCCS conference on User
services SIGUCCS '06
Publisher: ACM Press

At Oregon Health & Science University (OHSU), essential duties of the Information
Technology Group (ITG) include providing support for a diverse customer base. Faculty, 
staff, students, volunteers, visiting scholars, interns, vendors, and community healthcare 
partners all rely on ITG's Customer Relations Management Division (CRMD) for resolving 
their computing and account access issues. In a dynamic support environment where 
many of the customer roles falls outside the one-size-fits-all support ... 

Keywords: communication, customer service, electronic documentation, knowledge 
management, portals, role-based matrix, workflow improvement 